UPN making user not known


I am trying to setup DUO proxy but i am stuck. To login on LDAP i need to send user@UPN (user@example.com) to DUO proxy but user is registered in DUO as user (not as user@UPN) and i am getting error saying that that user is not registered. Below is log output:

user binddn fetched: username=user binddn=user@example.com
ldap bind failed: error=“LDAP Result Code 49 “Invalid Credentials”: Please enroll at https://■■■■■■■■■■■■■■■■■■■■■■/portal?code=code&akey=akey

Is there way to strip down UPN from DUO request and query LDAP with just user from proxy side or is my only option to add alias for every user with every UPN i use(i have multiple UPN-s)?

Best regards

Is " Policy & Access Control forum" right section for this question?

There are a few options here that may or may not apply…

  1. Enable username normalization on the Duo LDAP application. This requires that the UPN prefix matches the username in Duo (“someuser” = “someuser@example.com”.

  2. Add the “someuser@example.com” UPN value as a username alias to the existing “someuser” Duo username.

There’s an option for [ad_client] that lets you specify the username attribute, but this is the attribute matched for primary auth, and doesn’t change the LDAP username received by the Duo proxy from the requesting application or service.

Thank you so much. Option 1. is what i was looking for :smile: